Qualys Adds Remote Detection of the Conficker Worm

New QualysGuard Detection Allows Organizations to Detect the Multiple Variants of the Conficker Worm on their Global Networks

Redwood City, Calif, - March 30, 2009 -Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced that it added remote detection of the Conficker Worm, which has been spreading in corporate networks since November of 2008. This detection was added to QualysGuard® Vulnerability Management in order to help organizations remotely identify the multiple variants of this worm and control its spread within enterprise networks.

Conficker is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability announced in October 2008. It can spread to corporate network shares that are not protected with strong passwords and by infected USB sticks. Conficker creates a file that runs automatically on all mapped drives which is executed when the drive is accessed and then spreads to other drives connecting to an infected machine. Once a system is infected, Conficker blocks all access to security-related Web sites, preventing users from updating security software from those Web sites.

Conficker leaves a fingerprint on infected machines that can be detected remotely by using special RPC calls. The QualysGuard detection for Conficker is in QID1227, categorized as urgent with severity level 5, and the detection identifies all variants including Conficker.A, B, C or W32.Downadup.B. Organizations are encouraged to scan their global networks in order to identify infected systems, use Antivirus/Antispyware to remove the infection and then apply the Microsoft Patch from Security Bulletin MS08-067. As of late January 2009, 30 percent of all Windows machines remained unpatched.

“This new detection method allows IT administrators to remotely detect the Conficker virus directly on the infected machines without needing credentials or an agent installed. For many large enterprises, this represents an opportunity to perform a quick and non-intrusive audit of their patching efforts,” said Wolfgang Kandek, CTO of Qualys, who participated in the multivendor initiative over the weekend to implement this detection. “This security breakthrough will help many organizations tame Conficker and stop it from spreading within their networks. Special thanks to Dan Kaminsky and Rich Mogull for their efforts to pull the community together on very short notice, and for helping us add this detection within QualysGuard.”

About QualysGuard Vulnerability Management

QualysGuard is an on demand security audit service delivered over the Web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers’ time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

About Qualys

Qualys, Inc. is the leading provider of on demand ITsecurity risk and compliance management solutions – delivered as a service.Qualys’ Software-as-a-Service solutions are deployed in a matter of hoursanywhere in the world, providing customers an immediate and continuous view oftheir security and compliance postures.

The QualysGuard® service is used today by more than 3,500 organizations in 85countries, including 40 of the Fortune Global 100 and performs more than 200million IP audits per year. Qualys has the largest vulnerability managementdeployment in the world at a Fortune Global 50 company.